USN-3268-1: QEMU vulnerabilities

Ubuntu Security Notice USN-3268-1

qemu vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 17.04

Summary

Several security issues were fixed in QEMU.

Software description

qemu – Machine emulator and virtualizer

Details

Zhenhao Hong discovered that QEMU incorrectly handled the Virtio GPUdevice. An attacker inside the guest could use this issue to cause QEMU tocrash, resulting in a denial of service. (CVE-2016-10028)

It was discovered that QEMU incorrectly handled the JAZZ RC4030 device. Aprivileged attacker inside the guest could use this issue to cause QEMU tocrash, resulting in a denial of service. (CVE-2016-8667)

Jann Horn discovered that QEMU incorrectly handled VirtFS directorysharing. A privileged attacker inside the guest could use this issue toaccess files on the host file system outside of the shared directory andpossibly escalate their privileges. In the default installation, when QEMUis used with libvirt, attackers would be isolated by the libvirt AppArmorprofile. (CVE-2016-9602)

Gerd Hoffmann discovered that QEMU incorrectly handled the Cirrus VGAdevice when being used with a VNC connection. A privileged attacker insidethe guest could use this issue to cause QEMU to crash, resulting in adenial of service, or possibly execute arbitrary code on the host. In thedefault installation, when QEMU is used with libvirt, attackers would beisolated by the libvirt AppArmor profile. (CVE-2016-9603)

Li Qiang discovered that QEMU incorrectly handled the Virtio GPU device. Anattacker inside the guest could use this issue to cause QEMU to leakcontents of host memory. (CVE-2016-9908)

Li Qiang discovered that QEMU incorrectly handled the Virtio GPU device. Anattacker inside the guest could use this issue to cause QEMU to crash,resulting in a denial of service. (CVE-2016-9912, CVE-2017-5552,CVE-2017-5578)

Li Qiang discovered that QEMU incorrectly handled VirtFS directory sharing.A privileged attacker inside the guest could use this issue to cause QEMUto crash, resulting in a denial of service. (CVE-2016-9914)

Jiang Xin and Wjjzhang discovered that QEMU incorrectly handled SDHCIdevice emulation. A privileged attacker inside the guest could use thisissue to cause QEMU to crash, resulting in a denial of service.(CVE-2017-5987)

Li Qiang discovered that QEMU incorrectly handled USB OHCI controlleremulation. A privileged attacker inside the guest could use this issue tocause QEMU to hang, resulting in a denial of service. (CVE-2017-6505)

Update instructions

The problem can be corrected by updating your system to the following package version: